[go: up one dir, main page]

US20120204229A1 - Method and system for authenticating an end user - Google Patents

Method and system for authenticating an end user Download PDF

Info

Publication number
US20120204229A1
US20120204229A1 US13/451,952 US201213451952A US2012204229A1 US 20120204229 A1 US20120204229 A1 US 20120204229A1 US 201213451952 A US201213451952 A US 201213451952A US 2012204229 A1 US2012204229 A1 US 2012204229A1
Authority
US
United States
Prior art keywords
nodes
server
mask
client
root nodes
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
US13/451,952
Other versions
US8875250B2 (en
Inventor
Frederic Bauchot
Flemming Boegelund
Steven Earl Hicks
Gerard Marmigere
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
International Business Machines Corp
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by International Business Machines Corp filed Critical International Business Machines Corp
Priority to US13/451,952 priority Critical patent/US8875250B2/en
Publication of US20120204229A1 publication Critical patent/US20120204229A1/en
Priority to US14/492,150 priority patent/US9350722B2/en
Application granted granted Critical
Publication of US8875250B2 publication Critical patent/US8875250B2/en
Expired - Fee Related legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/048Interaction techniques based on graphical user interfaces [GUI]
    • G06F3/0484Interaction techniques based on graphical user interfaces [GUI] for the control of specific functions or operations, e.g. selecting or manipulating an object, an image or a displayed text element, setting a parameter value or selecting a range
    • G06F3/04842Selection of displayed objects or displayed text elements
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • G06Q20/367Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes
    • G06Q20/3674Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes involving authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56Financial cryptography, e.g. electronic payment or e-cash

Definitions

  • the present invention relates to authenticating an end user; more specifically, authenticating an end user by means of dynamic information to prevent fraud.
  • 1-way authentication hereinafter means identifying only a single party to a multiple party transaction.
  • Conventional authentication methods usually call for an end user to authenticate to an entity (e.g. bank, credit card company, government agency, etc.) without the entity authenticating to the end user.
  • entity e.g. bank, credit card company, government agency, etc.
  • phishing hereinafter means an attempt to criminally and/or fraudulently acquire sensitive information by masquerading as a trustworthy entity in an electronic medium.
  • a method for authenticating an end user comprising generating a first mask in response to an authentication request from an end user, the first mask comprising a set of root nodes, a set of server nodes, and a set of client nodes each being unique to the end user, a first subset of root nodes being transparent and randomly selected from the set of root nodes, a second subset of root nodes being opaque, a first subset of server nodes being transparent and randomly selected from the set of server nodes, a second subset of server nodes being opaque, the set of client nodes being opaque; and determining authenticity of the end user based on comparing data received from the end user with the first subset of root nodes, the data comprising a set of nodes selected by the end user, the end user having selected the data in response to the first mask.
  • the present invention provides a system and method that overcomes at least one of the current disadvantages of conventional methods.
  • FIG. 1 illustrates a graphical representation of a mask, in accordance with embodiments of the present invention.
  • FIG. 2 illustrates a graphical representation of the combination of server mask and client mask, in accordance with embodiments of the present invention.
  • FIG. 3 illustrates a flow chart of operations depicting a method for authenticating an end user, in accordance with embodiments of the present invention.
  • FIG. 4 illustrates a computer system which may facilitate authenticating an end user, in accordance with embodiments of the present invention.
  • One embodiment of the present invention utilizes two displays to facilitate authenticating an end user.
  • the first display being controlled by a server while the end user controls the second display.
  • the second display is a liquid crystal display (LCD) contained within a card.
  • the card may be similar to that of a credit card, charge card, debit card, etc.
  • first and second displays share some geometrical characteristics. Specifically, the width and height, measured in pixels, are identical for both the first and second display. Alternative embodiments measure the height and width of the first and second displays in units other than pixels; potentially in millimeters, centimeters, inches, etc.
  • the first and second displays are each utilized in an embodiment of the present invention to represent the mask illustrated in FIG. 1 .
  • FIG. 1 illustrates a graphical representation of a mask 100 , in accordance with embodiments of the present invention.
  • the term node and/or nodes as used in this application and accompanying drawings hereinafter means a single point in the mask.
  • the mask 100 comprises a set of server nodes 102 , a set of root nodes 104 , and a set of client nodes 106 .
  • the sets of server nodes 102 , root nodes 104 , and client nodes 106 are unique in that their union make up the entire viewable area of the first and/or second display. Furthermore, the intersection of the set of server nodes 102 , the set of root nodes 104 , and the set of client nodes 106 is disjoint.
  • the number of nodes in the set of server nodes 102 and the number of nodes in the set of client nodes 106 are equivalent, if not the same number. Additionally, the nodes designated to the set of server nodes 102 as well as the set of client nodes 106 are randomly selected and therefore not easily guessed. Likewise, the nodes comprising the root nodes 104 are randomly selected to avoid guessing.
  • FIG. 2 illustrates a graphical representation of the combination of server mask 200 and client mask 202 , in accordance with embodiments of the present invention.
  • the first display generates the server mask 200 while the second display generates the client mask 202 .
  • the server mask 200 and client mask 202 comprise two differently displayed sets of nodes.
  • the set of nodes collectively called the selected nodes are transparent while the set of nodes collectively called the un-selected nodes are opaque.
  • the transparent nodes allow for a background pattern to be seen through the nodes, the background pattern being such a bright pattern to maximize contrast between the dark pattern designated for the opaque nodes.
  • the set of transparent nodes in the server mask 200 comprises a randomly selected subset of the server nodes 102 .
  • the set of transparent nodes in the server mask 200 also comprises a randomly selected subset of the root nodes 104 .
  • the set of opaque nodes in the server mask 200 comprises the supplement of the server nodes 102 and the supplement of the root nodes 104 . Additionally, the set of opaque nodes in the server mask 200 contains the entire set of client nodes 106 .
  • the set of transparent nodes in the client mask 202 comprises a different randomly selected subset of the root nodes 104 .
  • the set of transparent nodes in the client mask 202 also comprises a randomly selected subset of the client nodes 106 .
  • the set of opaque nodes in the client mask 202 comprises all of the server nodes 102 , the supplement of the root nodes 104 , and the supplement of the client nodes 106 .
  • a unique feature of the present invention which solves the problems left unsolved by the conventional method of authentication is in the way the server mask 200 and client mask 202 are used together to authenticate an end user. Since the set of server nodes 102 and the set of client nodes 106 are disjoint, when an end user overlays the client mask 202 onto the server mask 200 , all the server nodes 102 and client nodes 106 appear opaque. The resulting overlay 204 displays only a randomly selected subset of the rood nodes 104 which both the server mask 200 and the client mask 202 displayed as transparent.
  • the present invention prevents other individuals or entities from fraudulently authenticate to the server by capturing the contents of the client mask 202 . This is due to the fact that the transparent nodes contained in the client mask 202 are randomly selected for each authentication session and thus a previously generated client mask 202 has an infinitesimally small chance of granting authentication in the future.
  • the present invention also prevents an end user from unsuspectingly providing confidential information to a phishing entity by utilizing two-way authentication. This is due to the fact that the set of server nodes 102 is unique only to an end user are not known to the general public. Therefore, if a phishing site were to attempt a fraudulent authentication session with an end user, there is an infinitesimally small chance the phishing attack would select the correct set of server nodes 102 to display in the server mask 200 . An end user noticing an unusually large number of Z nodes in the overlay 204 would instantly recognize that the server mask 200 was fraudulently created and thus not provide confidential information. Therefore, an end user not only authenticates to a server, the server authenticates to the end user to maximize the protection of confidential information.
  • FIG. 3 illustrates a flow chart of operations depicting a method 300 for authenticating an end user, in accordance with embodiments of the present invention. Note the client side actions and the server side actions are generally indicated by the separation provided by the dashed line 302 .
  • the method 300 begins with step 306 which generates the server mask.
  • Step 306 generates a server mask in response to an end user's request to authenticate 304 .
  • the request for authentication 304 comprises a user ID and/or password associated with the end user.
  • the server mask 200 generated by step 306 comprises a randomly selected subset of root nodes 104 which are unique to the end user requesting said authentication.
  • Step 308 comprises the end user submitting authentication data to the method 300 .
  • the end user facilitates the selection of the authentication data D to submit in 308 by utilizing a second display contained in a card sized device which therein creates a client mask 202 .
  • the end user overlays the client mask 202 onto the server mask 200 , generating the overlay 204 of FIG. 2 , supra.
  • the end user selects the transparent nodes contained in the overlay 204 for submission as the authentication data.
  • step 310 determines the validity of the authentication data.
  • Step 310 determines whether the authentication is valid based on the authentication data submitted 308 by the end user.
  • the end user submits authentication data 308 , identified as D, which represents transparent nodes contained in the server mask 200 . If each node in set D corresponds to a root node 104 randomly selected to appear transparent in the server mask 200 , the method 300 grants authentication 316 to the end user. However, if even a single node in set D does not correspond to any of the root nodes 104 randomly selected to appear transparent in the server mask 200 , the method 300 denies authentication 314 to the end user.
  • FIG. 4 illustrates a computer system which may facilitate authenticating an end user, in accordance with embodiments of the present invention.
  • the computer system 900 comprises a processor 908 , an input device 906 coupled to the processor 908 , an output device 910 coupled to the processor 908 , and memory devices 902 and 912 each coupled to the processor 908 .
  • the input device 906 may be, inter alia, a keyboard, a mouse, a keypad, a touchscreen, a voice recognition device, a sensor, a network interface card (NIC), a Voice/video over Internet Protocol (VOIP) adapter, a wireless adapter, a telephone adapter, a dedicated circuit adapter, etc.
  • NIC network interface card
  • VOIP Voice/video over Internet Protocol
  • the output device 910 may be, inter alia, a printer, a plotter, a computer screen, a magnetic tape, a removable hard disk, a floppy disk, a NIC, a VOIP adapter, a wireless adapter, a telephone adapter, a dedicated circuit adapter, an audio and/or visual signal generator, a light emitting diode (LED), etc.
  • the memory devices 902 and 912 may be, inter alia, a cache, a dynamic random access memory (DRAM), a read-only memory (ROM), a hard disk, a floppy disk, a magnetic tape, an optical storage such as a compact disc (CD) or a digital video disc (DVD), etc.
  • the memory device 912 includes a computer code 914 which is a computer program that comprises computer-executable instructions.
  • the computer code 914 includes, inter alia, an algorithm used for authenticating an end user according to the present invention.
  • the processor 908 executes the computer code 914 .
  • the memory device 902 includes input data 904 .
  • the input data 904 includes input required by the computer code 914 .
  • the output device 910 displays output from the computer code 914 .
  • Either or both memory devices 902 and 912 may be used as a computer usable medium (or a computer readable medium or a program storage device) having a computer readable program embodied therein and/or having other data stored therein, wherein the computer readable program comprises the computer code 914 .
  • a computer program product (or, alternatively, an article of manufacture) of the computer system 900 may comprise said computer usable medium (or said program storage device).
  • any of the components of the present invention can be deployed, managed, serviced, etc. by a service provider that offers to deploy or integrate computing infrastructure with respect to a process for authenticating an end user.
  • the present invention discloses a process for supporting computer infrastructure, comprising integrating, hosting, maintaining and deploying computer-readable code into a computing system (e.g., computing system 900 ), wherein the code in combination with the computing system is capable of performing a method for authenticating an end user.
  • the invention provides a business method that performs the process steps of the invention on a subscription, advertising and/or fee basis. That is, a service provider, such as a Solution Integrator, can offer to create, maintain, support, etc. a process for authenticating an end user. In this case, the service provider can create, maintain, support, etc. a computer infrastructure that performs the process steps of the invention for one or more customers. In return, the service provider can receive payment from the customer(s) under a subscription and/or fee agreement, and/or the service provider can receive payment from the sale of advertising content to one or more third parties.
  • a service provider such as a Solution Integrator
  • the service provider can receive payment from the customer(s) under a subscription and/or fee agreement, and/or the service provider can receive payment from the sale of advertising content to one or more third parties.
  • FIG. 4 shows the computer system 900 as a particular configuration of hardware and software
  • any configuration of hardware and software as would be known to a person of ordinary skill in the art, may be utilized for the purposes stated supra in conjunction with the particular computer system 900 of FIG. 4 .
  • the memory devices 902 and 912 may be portions of a single memory device rather than separate memory devices.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Signal Processing (AREA)
  • Business, Economics & Management (AREA)
  • Computing Systems (AREA)
  • Accounting & Taxation (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Finance (AREA)
  • Software Systems (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Human Computer Interaction (AREA)
  • User Interface Of Digital Computer (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

A method and associated system for authenticating an end user. A selected subset of root nodes of a set of root nodes in a server mask is received, the selected subset of root nodes having been selected by the end user. In response to the receiving of the selected subset of root nodes, the end user is authenticated by determining that the spatial location in the server mask of each root node of the selected subset of root nodes matches a spatial position of a corresponding root node of a server set of transparent root nodes in the server mask, wherein the server set of transparent root nodes are a result of a first random selection of root nodes from the set of root nodes in the server mask.

Description

  • This application is a continuation application claiming priority to Ser. No. 12/128,060, filed May 28, 2008.
    • BACKGROUND OF THE INVENTION
  • The present invention relates to authenticating an end user; more specifically, authenticating an end user by means of dynamic information to prevent fraud.
  • Conventional authentication methods utilize static information to validate an end user. Since static information by its very nature rarely changes, individuals can easily capture an end user's authentication information for fraudulent use in the future.
  • Furthermore, conventional authentication methods traditionally employ only 1-way authentication. The term 1-way authentication hereinafter means identifying only a single party to a multiple party transaction. Conventional authentication methods usually call for an end user to authenticate to an entity (e.g. bank, credit card company, government agency, etc.) without the entity authenticating to the end user. The use of 1-way authentication methods exposes an end user to phishing attacks. The term phishing hereinafter means an attempt to criminally and/or fraudulently acquire sensitive information by masquerading as a trustworthy entity in an electronic medium.
    • SUMMARY OF THE INVENTION
  • A method for authenticating an end user, said method comprising generating a first mask in response to an authentication request from an end user, the first mask comprising a set of root nodes, a set of server nodes, and a set of client nodes each being unique to the end user, a first subset of root nodes being transparent and randomly selected from the set of root nodes, a second subset of root nodes being opaque, a first subset of server nodes being transparent and randomly selected from the set of server nodes, a second subset of server nodes being opaque, the set of client nodes being opaque; and determining authenticity of the end user based on comparing data received from the end user with the first subset of root nodes, the data comprising a set of nodes selected by the end user, the end user having selected the data in response to the first mask.
  • The present invention provides a system and method that overcomes at least one of the current disadvantages of conventional methods.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • FIG. 1 illustrates a graphical representation of a mask, in accordance with embodiments of the present invention.
  • FIG. 2 illustrates a graphical representation of the combination of server mask and client mask, in accordance with embodiments of the present invention.
  • FIG. 3 illustrates a flow chart of operations depicting a method for authenticating an end user, in accordance with embodiments of the present invention.
  • FIG. 4 illustrates a computer system which may facilitate authenticating an end user, in accordance with embodiments of the present invention.
    •  DETAILED DESCRIPTION OF THE DRAWINGS
  • Although certain embodiments of the present invention are described herein, it is understood modifications may be made to the present invention without departing from its course and scope. Scope of the present invention is not limited to the number of constituting components, the materials thereof, the shapes thereof, the relative arrangement thereof, etc. Furthermore, while the accompanying drawings illustrate certain embodiments of the present invention, such drawings are not necessarily depicted to scale.
  • One embodiment of the present invention utilizes two displays to facilitate authenticating an end user. The first display being controlled by a server while the end user controls the second display. In one embodiment of the present invention the second display is a liquid crystal display (LCD) contained within a card. The card may be similar to that of a credit card, charge card, debit card, etc.
  • Furthermore, the first and second displays share some geometrical characteristics. Specifically, the width and height, measured in pixels, are identical for both the first and second display. Alternative embodiments measure the height and width of the first and second displays in units other than pixels; potentially in millimeters, centimeters, inches, etc. The first and second displays are each utilized in an embodiment of the present invention to represent the mask illustrated in FIG. 1.
  • FIG. 1 illustrates a graphical representation of a mask 100, in accordance with embodiments of the present invention. The term node and/or nodes as used in this application and accompanying drawings hereinafter means a single point in the mask.
  • The mask 100 comprises a set of server nodes 102, a set of root nodes 104, and a set of client nodes 106. The sets of server nodes 102, root nodes 104, and client nodes 106 are unique in that their union make up the entire viewable area of the first and/or second display. Furthermore, the intersection of the set of server nodes 102, the set of root nodes 104, and the set of client nodes 106 is disjoint.
  • In one embodiment of the present invention the number of nodes in the set of server nodes 102 and the number of nodes in the set of client nodes 106 are equivalent, if not the same number. Additionally, the nodes designated to the set of server nodes 102 as well as the set of client nodes 106 are randomly selected and therefore not easily guessed. Likewise, the nodes comprising the root nodes 104 are randomly selected to avoid guessing.
  • FIG. 2 illustrates a graphical representation of the combination of server mask 200 and client mask 202, in accordance with embodiments of the present invention.
  • In one embodiment of the present invention the first display generates the server mask 200 while the second display generates the client mask 202. The server mask 200 and client mask 202 comprise two differently displayed sets of nodes. The set of nodes collectively called the selected nodes are transparent while the set of nodes collectively called the un-selected nodes are opaque. The transparent nodes allow for a background pattern to be seen through the nodes, the background pattern being such a bright pattern to maximize contrast between the dark pattern designated for the opaque nodes.
  • The set of transparent nodes in the server mask 200 comprises a randomly selected subset of the server nodes 102. The set of transparent nodes in the server mask 200 also comprises a randomly selected subset of the root nodes 104. The set of opaque nodes in the server mask 200 comprises the supplement of the server nodes 102 and the supplement of the root nodes 104. Additionally, the set of opaque nodes in the server mask 200 contains the entire set of client nodes 106.
  • The set of transparent nodes in the client mask 202 comprises a different randomly selected subset of the root nodes 104. The set of transparent nodes in the client mask 202 also comprises a randomly selected subset of the client nodes 106. The set of opaque nodes in the client mask 202 comprises all of the server nodes 102, the supplement of the root nodes 104, and the supplement of the client nodes 106.
  • A unique feature of the present invention which solves the problems left unsolved by the conventional method of authentication is in the way the server mask 200 and client mask 202 are used together to authenticate an end user. Since the set of server nodes 102 and the set of client nodes 106 are disjoint, when an end user overlays the client mask 202 onto the server mask 200, all the server nodes 102 and client nodes 106 appear opaque. The resulting overlay 204 displays only a randomly selected subset of the rood nodes 104 which both the server mask 200 and the client mask 202 displayed as transparent.
  • In order to ensure the server mask 200 and the client mask 202 share root nodes as displayed in 204, a number of root nodes 104 must be randomly selected. If N represents the entire set of root nodes 104, the server mask 200 must select a X number of root nodes 104 wherein ½N<X<N. Additionally, the client mask 202 must select a Y number of root nodes 104 wherein ½ N<Y<N. Therefore, in order to authenticate the end user, said end user must select an Z number of nodes from the overlay 204 wherein Z=X+Y−N.
  • The present invention prevents other individuals or entities from fraudulently authenticate to the server by capturing the contents of the client mask 202. This is due to the fact that the transparent nodes contained in the client mask 202 are randomly selected for each authentication session and thus a previously generated client mask 202 has an infinitesimally small chance of granting authentication in the future.
  • The present invention also prevents an end user from unsuspectingly providing confidential information to a phishing entity by utilizing two-way authentication. This is due to the fact that the set of server nodes 102 is unique only to an end user are not known to the general public. Therefore, if a phishing site were to attempt a fraudulent authentication session with an end user, there is an infinitesimally small chance the phishing attack would select the correct set of server nodes 102 to display in the server mask 200. An end user noticing an unusually large number of Z nodes in the overlay 204 would instantly recognize that the server mask 200 was fraudulently created and thus not provide confidential information. Therefore, an end user not only authenticates to a server, the server authenticates to the end user to maximize the protection of confidential information.
  • FIG. 3 illustrates a flow chart of operations depicting a method 300 for authenticating an end user, in accordance with embodiments of the present invention. Note the client side actions and the server side actions are generally indicated by the separation provided by the dashed line 302. The method 300 begins with step 306 which generates the server mask.
  • Step 306 generates a server mask in response to an end user's request to authenticate 304. In one embodiment of the present invention the request for authentication 304 comprises a user ID and/or password associated with the end user. The server mask 200 generated by step 306 comprises a randomly selected subset of root nodes 104 which are unique to the end user requesting said authentication. After completion of step 306, the method continues with step 308 wherein the end user submits authentication data.
  • Step 308 comprises the end user submitting authentication data to the method 300. In one embodiment of the present invention, the end user facilitates the selection of the authentication data D to submit in 308 by utilizing a second display contained in a card sized device which therein creates a client mask 202. The end user overlays the client mask 202 onto the server mask 200, generating the overlay 204 of FIG. 2, supra. In one embodiment of the present invention the end user then selects the transparent nodes contained in the overlay 204 for submission as the authentication data. After completion of step 306, the method 300 continues with step 310 which determines the validity of the authentication data.
  • Step 310 determines whether the authentication is valid based on the authentication data submitted 308 by the end user. The end user submits authentication data 308, identified as D, which represents transparent nodes contained in the server mask 200. If each node in set D corresponds to a root node 104 randomly selected to appear transparent in the server mask 200, the method 300 grants authentication 316 to the end user. However, if even a single node in set D does not correspond to any of the root nodes 104 randomly selected to appear transparent in the server mask 200, the method 300 denies authentication 314 to the end user.
  • FIG. 4 illustrates a computer system which may facilitate authenticating an end user, in accordance with embodiments of the present invention.
  • The computer system 900 comprises a processor 908, an input device 906 coupled to the processor 908, an output device 910 coupled to the processor 908, and memory devices 902 and 912 each coupled to the processor 908.
  • The input device 906 may be, inter alia, a keyboard, a mouse, a keypad, a touchscreen, a voice recognition device, a sensor, a network interface card (NIC), a Voice/video over Internet Protocol (VOIP) adapter, a wireless adapter, a telephone adapter, a dedicated circuit adapter, etc.
  • The output device 910 may be, inter alia, a printer, a plotter, a computer screen, a magnetic tape, a removable hard disk, a floppy disk, a NIC, a VOIP adapter, a wireless adapter, a telephone adapter, a dedicated circuit adapter, an audio and/or visual signal generator, a light emitting diode (LED), etc.
  • The memory devices 902 and 912 may be, inter alia, a cache, a dynamic random access memory (DRAM), a read-only memory (ROM), a hard disk, a floppy disk, a magnetic tape, an optical storage such as a compact disc (CD) or a digital video disc (DVD), etc. The memory device 912 includes a computer code 914 which is a computer program that comprises computer-executable instructions.
  • The computer code 914 includes, inter alia, an algorithm used for authenticating an end user according to the present invention. The processor 908 executes the computer code 914. The memory device 902 includes input data 904. The input data 904 includes input required by the computer code 914. The output device 910 displays output from the computer code 914. Either or both memory devices 902 and 912 (or one or more additional memory devices not shown in FIG. 4) may be used as a computer usable medium (or a computer readable medium or a program storage device) having a computer readable program embodied therein and/or having other data stored therein, wherein the computer readable program comprises the computer code 914. Generally, a computer program product (or, alternatively, an article of manufacture) of the computer system 900 may comprise said computer usable medium (or said program storage device).
  • Any of the components of the present invention can be deployed, managed, serviced, etc. by a service provider that offers to deploy or integrate computing infrastructure with respect to a process for authenticating an end user. Thus, the present invention discloses a process for supporting computer infrastructure, comprising integrating, hosting, maintaining and deploying computer-readable code into a computing system (e.g., computing system 900), wherein the code in combination with the computing system is capable of performing a method for authenticating an end user.
  • In another embodiment, the invention provides a business method that performs the process steps of the invention on a subscription, advertising and/or fee basis. That is, a service provider, such as a Solution Integrator, can offer to create, maintain, support, etc. a process for authenticating an end user. In this case, the service provider can create, maintain, support, etc. a computer infrastructure that performs the process steps of the invention for one or more customers. In return, the service provider can receive payment from the customer(s) under a subscription and/or fee agreement, and/or the service provider can receive payment from the sale of advertising content to one or more third parties.
  • While FIG. 4 shows the computer system 900 as a particular configuration of hardware and software, any configuration of hardware and software, as would be known to a person of ordinary skill in the art, may be utilized for the purposes stated supra in conjunction with the particular computer system 900 of FIG. 4. For example, the memory devices 902 and 912 may be portions of a single memory device rather than separate memory devices.
  • While particular embodiments of the present invention have been described herein for purposes of illustration, many modifications and changes will become apparent to those skilled in the art. Accordingly, the appended claims are intended to encompass all such modifications and changes as fall within the true spirit and scope of this invention.

Claims (20)

1. A method for authenticating an end user, said method implemented through use of a computer processor, said method comprising:
said processor receiving a selected subset of root nodes of a set of root nodes in a server mask, said selected subset of root nodes having been selected by the end user; and
in response to said receiving the selected subset of root nodes, said processor authenticating the end user by determining that the spatial location in the server mask of each root node of the selected subset of root nodes matches a spatial position of a corresponding root node of a server set of transparent root nodes in the server mask, wherein the server set of transparent root nodes are a result of a first random selection of root nodes from the set of root nodes in the server mask.
2. The method of claim 1, wherein the set of root nodes in the server mask consists of the server set of transparent root nodes and a server set of opaque root nodes.
3. The method of claim 2, wherein the server mask comprises a set of nodes, wherein each node of the set of nodes in the server mask is in a unique spatial location in the server mask, wherein the set of nodes comprises the set of root nodes.
4. The method of claim 3, wherein a client mask comprises the set of nodes, wherein each node of the set of nodes in the client mask is in a unique spatial location in the client mask, wherein each node of the set of nodes in the client mask is either transparent or opaque, wherein the set of root nodes in the client mask consists of a client set of transparent root nodes and a client set of opaque root nodes, wherein the client set of transparent root nodes are a second random selection of root nodes from the set of root nodes, wherein the selected subset of root nodes consists of the root nodes of the client set of transparent root nodes that overlap the server set of transparent root nodes while the client mask is overlayed on the displayed server mask, and wherein the client mask had been overlayed on the displayed server mask prior to said receiving the selected subset of root nodes.
5. The method of claim 4, wherein the server set of transparent root nodes comprise transparent root nodes not overlapped by any root node of the client set of transparent root nodes while the client mask is overlayed on the displayed server mask, and wherein the client set of transparent root nodes comprise transparent root nodes not overlapping any root node of the server set of transparent root nodes while the client mask is overlayed on the displayed server mask.
6. The method of claim 5, wherein a total number of nodes of the server set of transparent root nodes is greater than one half of a total number of nodes of the set of root nodes, and wherein a total number of nodes of the client set of transparent root nodes is greater than one half of the total number of nodes of the set of root nodes.
7. The method of claim 4, wherein the set of nodes further comprises a set of server nodes and a set of client nodes, wherein the set of root nodes, the set of server nodes, and the set of client nodes are mutually exclusive in both the server mask and the client mask, wherein the set of server nodes in the server mask comprise a server set of transparent server nodes, wherein the set of client nodes in the client mask comprise a client set of transparent client nodes, and both the server set of transparent server nodes and the client set of transparent client nodes appear opaque to the end user while the client mask is overlayed on the displayed server mask.
8. The method of claim 7, wherein the set of server nodes in the server mask consists of the server set of transparent server nodes and a server set of opaque server nodes, wherein the set of client nodes in the server mask consists of a server set of opaque client nodes, wherein the set of client nodes in the client mask consists of the client set of transparent client nodes and a client set of opaque client nodes, wherein the set of server nodes in the client mask consists of a client set of opaque server nodes.
9. A computer program product, comprising a computer readable physically tangible storage device having a computer readable program code stored therein, said program code configured to be executed by a processor of a computer system to implement a method for authenticating an end user, said method comprising:
said processor receiving a selected subset of root nodes of a set of root nodes in a server mask, said selected subset of root nodes having been selected by the end user; and
in response to said receiving the selected subset of root nodes, said processor authenticating the end user by determining that the spatial location in the server mask of each root node of the selected subset of root nodes matches a spatial position of a corresponding root node of a server set of transparent root nodes in the server mask, wherein the server set of transparent root nodes are a result of a first random selection of root nodes from the set of root nodes in the server mask.
10. The method of claim 9, wherein the set of root nodes in the server mask consists of the server set of transparent root nodes and a server set of opaque root nodes.
11. The method of claim 10, wherein the server mask comprises a set of nodes, wherein each node of the set of nodes in the server mask is in a unique spatial location in the server mask, wherein the set of nodes comprises the set of root nodes.
12. The method of claim 11, wherein a client mask comprises the set of nodes, wherein each node of the set of nodes in the client mask is in a unique spatial location in the client mask, wherein each node of the set of nodes in the client mask is either transparent or opaque, wherein the set of root nodes in the client mask consists of a client set of transparent root nodes and a client set of opaque root nodes, wherein the client set of transparent root nodes are a second random selection of root nodes from the set of root nodes, wherein the selected subset of root nodes consists of the root nodes of the client set of transparent root nodes that overlap the server set of transparent root nodes while the client mask is overlayed on the displayed server mask, and wherein the client mask had been overlayed on the displayed server mask prior to said receiving the selected subset of root nodes.
13. A computer system comprising a processor and a computer readable memory unit coupled to the processor, said memory unit containing program code configured to be executed by the processor to implement a method for authenticating an end user, said method comprising:
said processor receiving a selected subset of root nodes of a set of root nodes in a server mask, said selected subset of root nodes having been selected by the end user; and
in response to said receiving the selected subset of root nodes, said processor authenticating the end user by determining that the spatial location in the server mask of each root node of the selected subset of root nodes matches a spatial position of a corresponding root node of a server set of transparent root nodes in the server mask, wherein the server set of transparent root nodes are a result of a first random selection of root nodes from the set of root nodes in the server mask.
14. The method of claim 13, wherein the set of root nodes in the server mask consists of the server set of transparent root nodes and a server set of opaque root nodes.
15. The method of claim 14, wherein the server mask comprises a set of nodes, wherein each node of the set of nodes in the server mask is in a unique spatial location in the server mask, wherein the set of nodes comprises the set of root nodes.
16. The method of claim 15, wherein a client mask comprises the set of nodes, wherein each node of the set of nodes in the client mask is in a unique spatial location in the client mask, wherein each node of the set of nodes in the client mask is either transparent or opaque, wherein the set of root nodes in the client mask consists of a client set of transparent root nodes and a client set of opaque root nodes, wherein the client set of transparent root nodes are a second random selection of root nodes from the set of root nodes, wherein the selected subset of root nodes consists of the root nodes of the client set of transparent root nodes that overlap the server set of transparent root nodes while the client mask is overlayed on the displayed server mask, and wherein the client mask had been overlayed on the displayed server mask prior to said receiving the selected subset of root nodes.
17. A process for supporting computer infrastructure, said process comprising providing at least one support service for at least one of creating, integrating, hosting, maintaining, and deploying computer-readable code in a computing system, wherein said code in combination with the computing system is capable of implementing a method for authenticating an end user, said method implemented through use of a computer processor, said method comprising:
said processor receiving a selected subset of root nodes of a set of root nodes in a server mask, said selected subset of root nodes having been selected by the end user; and
in response to said receiving the selected subset of root nodes, said processor authenticating the end user by determining that the spatial location in the server mask of each root node of the selected subset of root nodes matches a spatial position of a corresponding root node of a server set of transparent root nodes in the server mask, wherein the server set of transparent root nodes are a result of a first random selection of root nodes from the set of root nodes in the server mask.
18. The method of claim 17, wherein the set of root nodes in the server mask consists of the server set of transparent root nodes and a server set of opaque root nodes.
19. The method of claim 18, wherein the server mask comprises a set of nodes, wherein each node of the set of nodes in the server mask is in a unique spatial location in the server mask, wherein the set of nodes comprises the set of root nodes.
20. The method of claim 19, wherein a client mask comprises the set of nodes, wherein each node of the set of nodes in the client mask is in a unique spatial location in the client mask, wherein each node of the set of nodes in the client mask is either transparent or opaque, wherein the set of root nodes in the client mask consists of a client set of transparent root nodes and a client set of opaque root nodes, wherein the client set of transparent root nodes are a second random selection of root nodes from the set of root nodes, wherein the selected subset of root nodes consists of the root nodes of the client set of transparent root nodes that overlap the server set of transparent root nodes while the client mask is overlayed on the displayed server mask, and wherein the client mask had been overlayed on the displayed server mask prior to said receiving the selected subset of root nodes.
US13/451,952 2008-05-06 2012-04-20 Method and system for authenticating an end user Expired - Fee Related US8875250B2 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
US13/451,952 US8875250B2 (en) 2008-05-06 2012-04-20 Method and system for authenticating an end user
US14/492,150 US9350722B2 (en) 2008-05-06 2014-09-22 Authentication of an end user

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
EP08305152 2008-05-06
EP08305152 2008-05-06
EPEP08305152.4 2008-05-06
US12/128,060 US8201227B2 (en) 2008-05-06 2008-05-28 System and method for authenticating an end user
US13/451,952 US8875250B2 (en) 2008-05-06 2012-04-20 Method and system for authenticating an end user

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US12/128,060 Continuation US8201227B2 (en) 2008-05-06 2008-05-28 System and method for authenticating an end user

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US14/492,150 Continuation US9350722B2 (en) 2008-05-06 2014-09-22 Authentication of an end user

Publications (2)

Publication Number Publication Date
US20120204229A1 true US20120204229A1 (en) 2012-08-09
US8875250B2 US8875250B2 (en) 2014-10-28

Family

ID=41267971

Family Applications (3)

Application Number Title Priority Date Filing Date
US12/128,060 Expired - Fee Related US8201227B2 (en) 2008-05-06 2008-05-28 System and method for authenticating an end user
US13/451,952 Expired - Fee Related US8875250B2 (en) 2008-05-06 2012-04-20 Method and system for authenticating an end user
US14/492,150 Expired - Fee Related US9350722B2 (en) 2008-05-06 2014-09-22 Authentication of an end user

Family Applications Before (1)

Application Number Title Priority Date Filing Date
US12/128,060 Expired - Fee Related US8201227B2 (en) 2008-05-06 2008-05-28 System and method for authenticating an end user

Family Applications After (1)

Application Number Title Priority Date Filing Date
US14/492,150 Expired - Fee Related US9350722B2 (en) 2008-05-06 2014-09-22 Authentication of an end user

Country Status (1)

Country Link
US (3) US8201227B2 (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100024004A1 (en) * 2007-12-31 2010-01-28 International Business Machines Corporation Method and system for securing access to an unsecure network utilizing a transparent identification member
US8355993B2 (en) 2008-11-28 2013-01-15 International Business Machines Corporation Authentication of an end user
US8655788B2 (en) 2008-11-28 2014-02-18 International Business Machines Corporation Authentication of an end user
US8875250B2 (en) 2008-05-06 2014-10-28 International Business Machines Corporation Method and system for authenticating an end user
US20140325678A1 (en) * 2013-04-30 2014-10-30 Microsoft Corporation Optical security enhancement device
CN105095702A (en) * 2014-05-09 2015-11-25 宇龙计算机通信科技(深圳)有限公司 Method and device for controlling super user permission
US9418215B2 (en) 2013-04-30 2016-08-16 Microsoft Technology Licensing, Llc Optical security enhancement device

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU2009217493B2 (en) * 2008-02-26 2013-06-13 Merck Sharp & Dohme Corp. Hexahydrocyclopentyl[f]indazole carboxamides and derivatives thereof as selective glucocorticoid receptor modulators
US10396992B2 (en) * 2014-06-30 2019-08-27 Vescel, Llc Authentication of a user and/or a device through parallel synchronous update of immutable hash histories
US11343101B2 (en) * 2015-08-11 2022-05-24 Vescel, Llc Authentication through verification of an evolving identity credential
US20230199014A1 (en) * 2021-12-16 2023-06-22 International Business Machines Corporation Dark pattern detection and mitigation
US12147559B1 (en) * 2023-12-29 2024-11-19 Fmr Llc Secure geolocation-based data access control in a distributed computing environment

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5251259A (en) * 1992-08-20 1993-10-05 Mosley Ernest D Personal identification system

Family Cites Families (34)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4016404A (en) * 1975-08-05 1977-04-05 Frank Appleton Credit card verifier
US4670644A (en) * 1985-02-04 1987-06-02 Grayson Robert E Credit card security system
EP0371787A2 (en) * 1988-11-30 1990-06-06 LaPointe, Jacques Decryption device
US5450491A (en) * 1993-08-26 1995-09-12 At&T Corp. Authenticator card and system
US5488664A (en) * 1994-04-22 1996-01-30 Yeda Research And Development Co., Ltd. Method and apparatus for protecting visual information with printed cryptographic watermarks
US5742035A (en) * 1996-04-19 1998-04-21 Kohut; Michael L. Memory aiding device for credit card pin numbers
JPH10307799A (en) 1997-02-28 1998-11-17 Media Konekuto:Kk Personal identification method and device in computer communication network
US5939699A (en) * 1997-05-28 1999-08-17 Motorola, Inc. Bar code display apparatus
JPH11149454A (en) * 1997-09-10 1999-06-02 Fujitsu Ltd Authentication device, user authentication method, user authentication card, and storage medium
JP2000172644A (en) 1998-12-03 2000-06-23 Fujitsu Ltd Personal authentication method and personal authentication device
US20010026248A1 (en) 1999-11-30 2001-10-04 Andrew Goren Method and apparatus for providing visual display security
AUPQ958400A0 (en) * 2000-08-22 2000-09-14 Cmx Technologies Pty Ltd Validation of transactions
JP4090251B2 (en) 2002-03-05 2008-05-28 パスロジ株式会社 Authentication device, authentication method, and program
US9281945B2 (en) * 2003-12-30 2016-03-08 Entrust, Inc. Offline methods for authentication in a client/server authentication system
US9191215B2 (en) 2003-12-30 2015-11-17 Entrust, Inc. Method and apparatus for providing authentication using policy-controlled authentication articles and techniques
US20050144450A1 (en) * 2003-12-30 2005-06-30 Entrust Limited Method and apparatus for providing mutual authentication between a sending unit and a recipient
US20050140497A1 (en) * 2003-12-30 2005-06-30 Entrust Limited Method and apparatus for securely providing identification information using translucent identification member with filter
US8612757B2 (en) * 2003-12-30 2013-12-17 Entrust, Inc. Method and apparatus for securely providing identification information using translucent identification member
US8230486B2 (en) * 2003-12-30 2012-07-24 Entrust, Inc. Method and apparatus for providing mutual authentication between a sending unit and a recipient
US8966579B2 (en) * 2003-12-30 2015-02-24 Entrust, Inc. Method and apparatus for providing authentication between a sending unit and a recipient based on challenge usage data
US20060031174A1 (en) * 2004-07-20 2006-02-09 Scribocel, Inc. Method of authentication and indentification for computerized and networked systems
WO2006085151A2 (en) * 2004-12-06 2006-08-17 Dspv, Ltd System and method of generic symbol recognition and user authentication using a communication device with imaging capabilities
WO2006092960A1 (en) * 2005-02-28 2006-09-08 National University Of Corporation Hiroshima University Authenticating device
JP2007118395A (en) * 2005-10-28 2007-05-17 Is Corp Authentication card having security function enabling visual recognition of personal authentication card and manufacturing method thereof
EP1943605A1 (en) 2005-11-04 2008-07-16 Christian Hogl Method and system for transmitting data from a first data processing device to a second data processing device
EP1987463A1 (en) * 2006-02-21 2008-11-05 WEISS, Kenneth P. Method and apparatus for secure access payment and identification
US20070277224A1 (en) * 2006-05-24 2007-11-29 Osborn Steven L Methods and Systems for Graphical Image Authentication
US7672906B2 (en) * 2006-06-29 2010-03-02 Asaf Schwartz Randomly generated color grid used to ensure multi-factor authentication
US7266693B1 (en) * 2007-02-13 2007-09-04 U.S. Bancorp Licensing, Inc. Validated mutual authentication
US8646040B2 (en) * 2007-12-31 2014-02-04 International Business Machines Corporation Method and system for securing access to an unsecure network utilizing a transparent identification member
US8201227B2 (en) 2008-05-06 2012-06-12 International Business Machines Corporation System and method for authenticating an end user
US7659869B1 (en) * 2008-11-21 2010-02-09 Inernational Business Machines Corporation System and method for authenticating an end user
US8260717B2 (en) 2008-11-28 2012-09-04 International Business Machines Corporation System and method for authenticating an end user
US8260718B2 (en) * 2008-11-28 2012-09-04 International Business Machines Corporation System and method for authenticating an end user

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5251259A (en) * 1992-08-20 1993-10-05 Mosley Ernest D Personal identification system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Zhao et al. "Anti-Phishing Mutual Authentication Using Visual Secret Sharing Scheme." Information Theory and its Applications (SITA) (October 17-20, 2010), 2010 International Symposium, pp 560-565 *

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100024004A1 (en) * 2007-12-31 2010-01-28 International Business Machines Corporation Method and system for securing access to an unsecure network utilizing a transparent identification member
US8646040B2 (en) 2007-12-31 2014-02-04 International Business Machines Corporation Method and system for securing access to an unsecure network utilizing a transparent identification member
US8875250B2 (en) 2008-05-06 2014-10-28 International Business Machines Corporation Method and system for authenticating an end user
US9350722B2 (en) 2008-05-06 2016-05-24 International Business Machines Corporation Authentication of an end user
US8355993B2 (en) 2008-11-28 2013-01-15 International Business Machines Corporation Authentication of an end user
US8645281B2 (en) 2008-11-28 2014-02-04 International Business Machines Corporation Process for authenticating an end user
US8655788B2 (en) 2008-11-28 2014-02-18 International Business Machines Corporation Authentication of an end user
US8843418B2 (en) 2008-11-28 2014-09-23 International Business Machines Corporation Authentication of an end user
US20140325678A1 (en) * 2013-04-30 2014-10-30 Microsoft Corporation Optical security enhancement device
US9418215B2 (en) 2013-04-30 2016-08-16 Microsoft Technology Licensing, Llc Optical security enhancement device
US9514316B2 (en) * 2013-04-30 2016-12-06 Microsoft Technology Licensing, Llc Optical security enhancement device
CN105095702A (en) * 2014-05-09 2015-11-25 宇龙计算机通信科技(深圳)有限公司 Method and device for controlling super user permission

Also Published As

Publication number Publication date
US20090282464A1 (en) 2009-11-12
US9350722B2 (en) 2016-05-24
US8875250B2 (en) 2014-10-28
US20150012983A1 (en) 2015-01-08
US8201227B2 (en) 2012-06-12

Similar Documents

Publication Publication Date Title
US8875250B2 (en) Method and system for authenticating an end user
US7659869B1 (en) System and method for authenticating an end user
US8843418B2 (en) Authentication of an end user
US11956243B2 (en) Unified identity verification
JP6680840B2 (en) Automatic detection of fraudulent digital certificates
US8355993B2 (en) Authentication of an end user
CN100588156C (en) Method and apparatus for providing electronic message authentication
US20130290707A1 (en) Information distribution system
US8060447B2 (en) Method of providing transactions employing advertising based verification
US20100100958A1 (en) Visual display of website trustworthiness to a user
KR101070727B1 (en) Authentication system and method using coordinate area and secret key value
CN118568771A (en) Method, apparatus, medium and program product for asset privacy attestation
US20120136788A1 (en) System and method for secure transfer of funds
Crispo et al. WWW security and trusted third party services
Esche et al. Conformity assessment of photo-optical measurement data registration in legal metrology: Ensuring admissibility as evidence of measurement data retrieved from legacy utility meters
AU2013201574B1 (en) An information distribution system
Singh et al. Towards a Two Factor Authentication Method Using Zero-Knowledge Protocol in Online Banking Services

Legal Events

Date Code Title Description
FEPP Fee payment procedure

Free format text: MAINTENANCE FEE REMINDER MAILED (ORIGINAL EVENT CODE: REM.)

LAPS Lapse for failure to pay maintenance fees

Free format text: PATENT EXPIRED FOR FAILURE TO PAY MAINTENANCE FEES (ORIGINAL EVENT CODE: EXP.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

STCH Information on status: patent discontinuation

Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362

FP Expired due to failure to pay maintenance fee

Effective date: 20181028